What's the right length for a password? A jump from standard eight to twelve character passwords could mean the difference between a breach and ironclad security, researchers found.
It’s common knowledge that more the number of characters in your password the better your security. That’s simply theoretical, because for a hacker even an eight character password could be a walk in the park.
Researchers at the Georgia Institute of Technology used a cluster of graphics cards and brute force attacks to penetrate an eight-character long password string, in just two hours.
But when their method went up against a 12-character password, it fell flat. Actually it will take 17,134 years to crack it. Joshua Davis, one of the research scientists said, "The length of your password in some cases can dictate the vulnerability.”
But why a 12-character password; why not 11 or 13 you might ask? As the researchers say, the number 12 meets the needs of ‘convenience and security’. It all probably works out to permutations and combinations that a sophisticated password attack can try in a span of time.
With a 12-character password, time is the biggest ally of security. It will take a number crunching 180 years to break down an 11-character password. Add one more character, and the cracking time leapfrogs to 17,134 years.
It is always recommended to take advantage of the maximum password characters permissible. For example, look at Fidelity.com, a financial site that gives a max limit of 32-character passwords. Complexity of the password is directly proportional to more security. Complete sentences pass muster, but it’s also prudent not to use logical English words as single passwords. Dictionary attacks can break such passwords quite easily.
Hacking is not rocket science. In fact the researchers used cheap graphic cards running simple computations simultaneously to crack open standard eight character passwords. For such scenarios, it’s comforting to know that four more characters can make your online accounts unassailable.